CVE-2024-50372

Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier

Description: A vulnerability was discovered in the edgserver service of Advantech devices, allowing remote unauthenticated users to execute malicious commands with root privileges. The issue arises from the improper neutralization of special elements used in an OS command. No authentication is required to exploit this vulnerability, and it can be triggered by interacting with the default edgserver service.

Recommendations: For Advantech EKI-6333AC-2G versions 1.6.3 and earlier, consider disabling the edgserver service until a patch is available. For Advantech EKI-6333AC-2GD versions 1.6.3 and earlier, restrict access to the edgserver service to minimize the risk of exploitation. For Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier, avoid using the backup config to utility operation until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.